EP3641349B1 - Method, system and computer programs for providing a location-aware user model that preserves user privacy - Google Patents
Method, system and computer programs for providing a location-aware user model that preserves user privacy
- Publication number
- EP3641349B1 (application EP18382740.1A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- user
- data
- computing device
- heatspot
- heatspots
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H04W (Wireless communication networks)
  - H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    - H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    - H04W12/60 Context-dependent security; H04W12/63 Location-dependent; Proximity-dependent
  - H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    - H04W4/02 Services making use of location information; H04W4/021 Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences; H04W4/029 Location-based management or tracking services
    - H04W4/30 Services specially adapted for particular environments, situations or purposes; H04W4/38 Services specially adapted for collecting sensor information
    - H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
- H04L (Transmission of digital information, e.g. telegraphic communication)
  - H04L67/00 Network arrangements or protocols for supporting network services or applications
    - H04L67/2866 Architectures; Arrangements; H04L67/30 Profiles; H04L67/306 User profiles
    - H04L67/50 Network services; H04L67/535 Tracking the activity of the user
  - H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    - H04L9/06 The encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators; H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
  - H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    - H04L2209/16 Obfuscation or hiding, e.g. involving white box; H04L2209/80 Wireless
- G06F (Electric digital data processing)
  - G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/60 Protecting data
  - G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    - G06F2221/2111 Location-sensitive, e.g. geographical location, GPS; G06F2221/2151 Time stamp
Definitions
- This invention relates to a method, and corresponding system and computer programs, for ensuring user privacy for sensor data collected from a mobile computing device such as a smartphone.
- Apps take advantage of phone sensors to deliver or improve their services, so they often rely on privacy-sensitive data.
- One common feature is geofencing, where apps interact with the physical world to improve engagement and the timeliness of interaction with a user.
- New techniques are therefore needed to process personal information more anonymously, so that it can be shared with backend services capable of building advanced user models and applying machine learning algorithms, without the risk of exposing information that could uniquely identify the user(s).
- The invention is defined by independent method claim 1, independent system claim 6 and independent non-transitory computer-readable medium claim 7. Further details are defined in the dependent claims.
- The heatspots include different areas of different significance for the user.
- The heatspots have a given radius, equal or different among them, that can range from a few meters to several kilometers.
- The sensor capture module may reside in the platform layer of the application, meaning that there is a separate version for iOS and Android. The concept is not limited to a specific platform; similar features could be available on other mobile platforms, embedded systems (IoT) or even web browsers.
- The processing of the collected sensor data further comprises attaching at least one timestamp to each heatspot, indicating the moment in time at which the user reached the heatspot.
- Each unique identifier is encrypted based at least on a part of the location coordinates of the predetermined area.
- The present invention allows an optimal trade-off between user modeling power and the level of data sensitivity. It also increases user trust and decreases risk in case of a data breach, and achieves higher compliance with data regulations.
- The present invention focuses on privacy preservation while still allowing sensor data collection and user modelling.
- The descriptions below focus on sensor data that can potentially expose private information, and on how that data can be anonymized without losing the ability to process it in a personalized way.
- The aim of the present invention is to build a good user model that is fully anonymous, using anonymized data that remains equally, or almost equally, relevant as its privacy-invasive counterpart.
- The heatspot mechanism works as follows: each location obtained from the user's mobile computing device is compared against a list of locally cached areas of a given radius, and if it falls inside a previously seen area the number of "hits" for that area is incremented. This does not require continuous monitoring; on the contrary, sampling a location at regular or fairly regular intervals improves the reliability of the heatspot importance estimate.
- Heatspot 1 as User A's Home
- Heatspot 2 as User A's workplace
- Heatspots 3-5 intermediate points such as commuting.
- Granularity is further improved since transitions between heatspots can be monitored, allowing user flows to be simulated without exposing location details.
- The user can be in control of this. This is accomplished by exposing an option, at application or user level, that controls the size of the heatspot.
- The heatspot radius must be relatively small to determine whether the user is at home or in another heatspot.
- It may be sufficient to have a larger heatspot radius; for instance, if it only needs to be detected whether the user is travelling for work or spends weekends away, without exposing where, then a heatspot the size of a city is more than sufficient. In both cases the exact location is never compromised, but the option to tune the granularity may offer more peace of mind for the user.
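The following is an added worked example, not code from the patent or its applicant, of the on-device heatspot clustering described above: each fix is matched against the locally cached areas of the configured radius, hits are counted, the arrival timestamp is recorded when the user enters a spot, and transitions between spots are logged so user flows can be modelled. The haversine distance, the Madrid coordinates, the 200 m and 5 km radii and the minute-based timestamps are assumptions chosen for the demonstration; only per-user labels, hit counts and arrival times are exported, never the centres.

```python
# Added example (not the patent's own code): on-device heatspot clustering.
# Each location fix is matched against locally cached areas of a fixed radius;
# a fix inside an existing area increments its hit counter, otherwise a new area
# is opened. Arrival timestamps and transitions between areas are recorded so the
# user's flow can be modelled without the centres ever leaving the device.
from dataclasses import dataclass, field
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List, Optional, Tuple

LatLon = Tuple[float, float]
EARTH_RADIUS_M = 6_371_000.0


def haversine_m(a: LatLon, b: LatLon) -> float:
    """Great-circle distance in metres between two (lat, lon) points in degrees."""
    lat1, lon1 = radians(a[0]), radians(a[1])
    lat2, lon2 = radians(b[0]), radians(b[1])
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_M * asin(sqrt(h))


@dataclass
class Heatspot:
    index: int                 # per-user label (0, 1, 2, ...), the only thing shared
    center: LatLon             # raw coordinates, kept on the device
    radius_m: float
    hits: int = 0
    arrivals: List[int] = field(default_factory=list)  # timestamps of reaching the spot


class HeatspotCache:
    """Locally cached areas; radius_m is the user-tunable granularity."""

    def __init__(self, radius_m: float) -> None:
        self.radius_m = radius_m
        self.spots: List[Heatspot] = []
        self.transitions: List[Tuple[int, int]] = []  # (from_index, to_index)
        self._last: Optional[int] = None

    def observe(self, fix: LatLon, ts: int) -> Heatspot:
        spot = next((s for s in self.spots if haversine_m(fix, s.center) <= s.radius_m), None)
        if spot is None:
            spot = Heatspot(index=len(self.spots), center=fix, radius_m=self.radius_m)
            self.spots.append(spot)
        spot.hits += 1
        if self._last != spot.index:          # the user has just reached this spot
            spot.arrivals.append(ts)
            if self._last is not None:
                self.transitions.append((self._last, spot.index))
            self._last = spot.index
        return spot

    def export(self) -> List[Dict[str, object]]:
        """What leaves the device: labels, hit counts and arrival times, no coordinates."""
        ranked = sorted(self.spots, key=lambda s: s.hits, reverse=True)
        return [{"heatspot": s.index, "hits": s.hits, "arrivals": list(s.arrivals)} for s in ranked]


# Constructed sample: one morning of fixes (minutes since start, (lat, lon)) around
# three points in Madrid standing in for home, a commute point and work.
SAMPLES: List[Tuple[int, LatLon]] = [
    (0, (40.41680, -3.70380)), (15, (40.41700, -3.70360)), (30, (40.41660, -3.70410)),
    (45, (40.42300, -3.69700)),
    (60, (40.43000, -3.69000)), (75, (40.43020, -3.68980)), (90, (40.42990, -3.69030)),
    (105, (40.42300, -3.69700)),
    (120, (40.41680, -3.70380)),
]


def build_model(radius_m: float) -> HeatspotCache:
    """Feed the constructed samples through a cache with the given granularity."""
    cache = HeatspotCache(radius_m)
    for ts, fix in SAMPLES:
        cache.observe(fix, ts)
    return cache


if __name__ == "__main__":
    fine = build_model(radius_m=200)     # home, commute point and work are distinguishable
    coarse = build_model(radius_m=5000)  # city-sized spot: only "in town" is learned
    print(fine.export(), fine.transitions)
    print(coarse.export())
```

With a 200 m radius the three places become Heatspots 0, 1 and 2 with the transitions 0→1→2→1→0; with a 5 km radius every fix collapses into a single spot, which is the city-sized setting described above.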
- The heatspot is simply labeled with an identifier that is specific to each user, i.e. users A, B and C will each have their own Heatspots 0, 1, 2 and so on.
- The identifier is further encrypted based at least on a part of the location coordinates of the predetermined area.
- The computer is then able to correlate behaviors, movements etc. between users active in the same heatspots. It can also be used to conclude whether users spending a lot of time in similar areas also share similar behaviors, problems etc.
- The computer randomly creates a seed for creating a salt key. Then the computer automatically creates the random salt key (with a pre-defined number of characters), encrypts it and stores it for future use. The computer also decides on a hashing technique to be used to obfuscate the locations, e.g. SHA-256; the computer can change the hashing technique over time to use the latest one.
- The mobile computing device applies the hashing technique with the salt key to every location and sends only a hash to the computer.
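An added example (not the patent's own code) of the server-issued salt and hashing technique and of the device-side labelling described above. The grid-cell truncation (a 0.01 degree cell), the HMAC construction with the salt as key, the domain-separated salt derivation and the policy version are assumptions; the page only states that a seed produces a salt key, that a technique such as SHA-256 is selected and may be rotated, and that the device sends hashes. Transport encryption of the salt is left out (assumed to be handled by the channel, e.g. TLS). Two users whose heatspot centres fall in the same cell produce the same label, which is what lets the backend correlate users active in the same area. One caveat a practitioner should keep in mind: the set of grid cells is small, so whoever holds the salt (here, the computer that issued it) can enumerate every cell and invert the hash; the keyed hash hides the area only from parties that do not have the salt.

```python
# Added example (not the patent's own code): server-issued hashing policy and
# on-device labelling of heatspots. The server derives a salt from a random seed
# and picks a hash technique; the device replaces each heatspot centre with a
# keyed hash of the grid cell containing it, so the same area yields the same
# label for every user while raw coordinates never leave the device.
import hashlib
import hmac
import math
import secrets
from dataclasses import dataclass
from typing import List, Optional, Tuple

LatLon = Tuple[float, float]
CELL_DEG = 0.01  # grid cell edge, about 1.1 km north-south (assumed granularity)


@dataclass(frozen=True)
class HashingPolicy:
    salt: bytes      # must reach devices encrypted (e.g. inside TLS); transport is out of scope here
    technique: str   # any hashlib algorithm name; the server may rotate it
    version: int     # lets clients tell apart labels produced under different policies


def issue_policy(technique: str = "sha256", version: int = 1,
                 seed: Optional[bytes] = None) -> HashingPolicy:
    """Server side: random seed -> salt key, plus the chosen hash technique."""
    if technique not in hashlib.algorithms_available:
        raise ValueError(f"unsupported hash technique: {technique}")
    seed = secrets.token_bytes(32) if seed is None else seed
    # Domain-separated derivation so the seed itself is never used as the key.
    salt = hashlib.new(technique, b"heatspot-salt|" + version.to_bytes(4, "big") + seed).digest()
    return HashingPolicy(salt=salt, technique=technique, version=version)


def area_cell(center: LatLon, cell_deg: float = CELL_DEG) -> Tuple[int, int]:
    """Keep only part of the coordinates: the grid cell containing the centre."""
    return (math.floor(center[0] / cell_deg), math.floor(center[1] / cell_deg))


def label_heatspot(policy: HashingPolicy, center: LatLon, cell_deg: float = CELL_DEG) -> str:
    """Device side: keyed hash (salt as key) over the cell, not the raw coordinates."""
    row, col = area_cell(center, cell_deg)
    msg = f"v{policy.version}|{cell_deg}|{row}|{col}".encode()
    return hmac.new(policy.salt, msg, policy.technique).hexdigest()


def report(policy: HashingPolicy, spots: List[Tuple[LatLon, int]]) -> List[dict]:
    """What the device sends to the computer: hashed label and hit count per heatspot."""
    return [{"label": label_heatspot(policy, center), "hits": hits} for center, hits in spots]


if __name__ == "__main__":
    policy = issue_policy("sha256", seed=b"\x00" * 32)   # fixed seed only for reproducibility
    user_a = [((40.41680, -3.70380), 4), ((40.43050, -3.69050), 3)]   # constructed centres
    user_b = [((40.41702, -3.70355), 6)]                                # same home cell as user A
    print(report(policy, user_a))
    print(report(policy, user_b))
```

Rotating the technique (for example to `sha3_256`) or re-seeding produces a fresh label space, so the `version` field is what keeps old and new reports from being mixed up on the server.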
- The application comprises several parts: an interactive therapy program designed to address the symptoms, a chat with the therapist or an anonymous support group, and other features. While the user may follow the program at a certain pace or interact with the therapist or support group on random occasions, these are all user-initiated actions. There is also a need for preventive measures, and detecting anomalies in the user's movement patterns is a good indicator that something might be wrong.
- The application can query the user about the currently perceived health state, then recommend that the user take a walk, and finally "alert" the peers about a potentially unhealthy situation. In no case would this expose the user's exact whereabouts.
- The app can provide a service for detecting early signs that a user is going to experience a mental health crisis (such as depression, mania, or similar).
- The literature shows that mobility patterns are important predictors of upcoming crises.
- Using raw locations is considered extremely privacy-invasive, and patients in particular do not feel comfortable sharing them.
- Storing raw locations also imposes additional requirements; for instance, GDPR imposes "high" security measures that are extremely challenging to comply with, particularly for smaller companies (physical security, logging not only electronic access to the server but also authenticating people in the physical vicinity of the server and granting special permissions, etc.).
- Storing heatspots instead of raw locations removes those data security requirements while still allowing the models to incorporate the analysis of mobility patterns (e.g. knowing that a sequence of very specific locations is a predictor of a crisis, the algorithm can reach the same accuracy with heatspots as with raw locations).
- An app delivers notifications to its users, and the right timing is crucial for engagement. Knowing in which heatspots its users are more responsive during specific time periods, the "right time" algorithm can work without the need to store real locations.
- The very same heatspot concept applies to the obfuscation of internet logs, representing online whereabouts as opposed to locations that represent whereabouts in real life.
- The granularity is defined in the following way (note that in the location use case the granularity was defined based on distances).
- Each next visibility level has one degree lower granularity than the previous one.
- The above list is ordered from the lowest to the highest granularity with respect to the heatspot concept.
- Variations in the above categories are allowed as long as they provide different levels of URL visibility with the related partial or full obfuscation.
- The Bluetooth sensor is responsible for scanning the surroundings for Bluetooth or Bluetooth LE devices. This provides a way to detect which beacons are normally available in the surroundings of the user.
- The most obvious example is a Bluetooth smartphone, which would identify another individual, but other devices such as smart speakers, TVs etc. could indicate income level and other parameters that are valuable for user modelling.
- A Bluetooth identifier can indirectly reveal extremely privacy-sensitive information, e.g. exactly which device a user is in the vicinity of at 2 am on weekends. It could still be valuable for the model to know that a device is frequently or repeatedly present in the user's surroundings. If used in raw form, it is possible to reverse-engineer whether the identifier corresponds to a mobile phone (and therefore a person) or to a specific device such as a TV, headphones, laptop, etc.
- The Bluetooth address should therefore not be shared with the backend for analysis unless protected.
- The general flow from device detection to recommendation via analysis is described in Fig. 4.
- Each app can generate a unique and persistent identifier. This identifier is used to hash/encrypt the remote Bluetooth device address. For example, Bluetooth address AABBCCDDEEFF11 would become 45fe12aa673423. This means that even if User A and User B see the same device, they report different identifiers to the computer/server. Recognition can only be done by the same reporting device (seeing the same beacon twice generates the same result).
- Fig. 5 illustrates how the same device generates two different identifiers when reported to the server.
- Alternatively, only the device-specific part of the address is hashed: Bluetooth address AABBCCDDEEFF11 would become AABBCCaa673423 (the first 3 bytes, the manufacturer identifier, are preserved).
- Fig. 6 illustrates an example in which Users A and B report User C to the server but only the manufacturer identifier is preserved.
- User B has Bluetooth address AABBCCDDEEFF11. When User A sees User B, User A reports AABBCCaa673423 to the backend. When User C sees User B, User C also reports AABBCCaa673423. This way it can be deduced that User A and User C both interact with User B, even though the exact details of User B's address are not shared.
- Fig. 7 illustrates how User A and User B would both report the same anonymized identifier for User C.
- The maximum Bluetooth range (for v5.0) is around 120 m.
- Fig. 8 illustrates how User B's privacy settings exclude User A from the devices reported for analysis, since User A is outside the predefined range.
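An added example (not the patent's own code) of the two Bluetooth address treatments and the range filter shown in Figs. 5 to 8. Assumptions: a 48-bit address (the page's AABBCCDDEEFF11 example is 7 bytes long and is rejected by the parser), HMAC-SHA256 as the hash, a key shared by all installations for the prefix-preserving variant (required for Users A and C to report the same value for User B), and a log-distance path-loss model with an assumed 1 m reference RSSI for turning signal strength into distance. Two caveats for a practitioner: the device-specific part of an address is only 24 bits, so anyone holding the shared key can enumerate it; and Bluetooth LE devices that use resolvable private addresses rotate them periodically, so a hashed address persists only for peers with public or static addresses.

```python
# Added example (not the patent's own code): anonymising scanned Bluetooth
# addresses before they are reported. Mode 1 hashes the whole address under a
# per-installation key (different reporters give different ids); mode 2 keeps
# the 3-byte manufacturer identifier and hashes the device-specific bytes under
# a key shared by all installations (assumed, so reports of one peer coincide).
# A range filter drops peers farther than the user's configured distance.
import hashlib
import hmac
from typing import List, Tuple

OUI_LEN = 3  # manufacturer (company) identifier: first 3 of the 6 address bytes


def parse_bdaddr(text: str) -> bytes:
    """Accept 'AA:BB:CC:DD:EE:FF' or 'AABBCCDDEEFF'; a Bluetooth device address is 48 bits."""
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"Bluetooth device address must be 6 bytes, got {len(raw)}")
    return raw


def private_peer_id(app_instance_key: bytes, addr: str) -> str:
    """Mode 1: whole address under the installation's own persistent key."""
    return hmac.new(app_instance_key, parse_bdaddr(addr), hashlib.sha256).hexdigest()[:14]


def oui_preserving_id(shared_key: bytes, addr: str) -> str:
    """Mode 2: keep the manufacturer prefix, replace the device bytes with a keyed tag."""
    raw = parse_bdaddr(addr)
    tag = hmac.new(shared_key, raw[OUI_LEN:], hashlib.sha256).digest()[: 6 - OUI_LEN]
    return (raw[:OUI_LEN] + tag).hex().upper()


def estimate_distance_m(rssi_dbm: int, tx_power_dbm: int = -59, path_loss_exp: float = 2.0) -> float:
    """Log-distance path-loss model; tx_power_dbm is the RSSI at 1 m (assumed calibration)."""
    return 10 ** ((tx_power_dbm - rssi_dbm) / (10 * path_loss_exp))


def build_report(scan: List[Tuple[str, int]], max_range_m: float, shared_key: bytes) -> List[dict]:
    """Apply the user's range setting, then anonymise what remains."""
    out = []
    for addr, rssi in scan:
        d = estimate_distance_m(rssi)
        if d <= max_range_m:
            out.append({"peer": oui_preserving_id(shared_key, addr), "distance_m": round(d, 1)})
    return out


# Constructed scan results: (address, RSSI in dBm).
SCAN = [("AA:BB:CC:DD:EE:FF", -65), ("AA:BB:CC:01:02:03", -72), ("11:22:33:44:55:66", -95)]

if __name__ == "__main__":
    shared = b"platform-wide-key"   # placeholder; a real deployment provisions this securely
    print(private_peer_id(b"installation-A", "AA:BB:CC:DD:EE:FF"))
    print(private_peer_id(b"installation-B", "AA:BB:CC:DD:EE:FF"))  # differs from A's report
    print(build_report(SCAN, max_range_m=20, shared_key=shared))
```

With the constructed RSSI values the two AA:BB:CC peers are estimated at roughly 2 m and 4.5 m and are reported with their prefix intact, while the peer at about 63 m is dropped by a 20 m range setting.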
- The server, in any of the described embodiments, can compute a model of how the user interacts with other peers and devices. It also allows the system to learn about random encounters versus repeated ones, and about devices that are part of the home scenario versus work. As an extension, it can also be used to anonymously map circles of users to each other if they all use the same platform. In contrast to other commercial and ad-focused services, this is all done while preserving the privacy of both the user and the detected peers.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Telephonic Communication Services (AREA)
Claims (8)
- 1. A method for providing a location-aware user model that protects the user's privacy, the method comprising:
  a) collecting, by a sensor capture module, sensor data from a plurality of sensors installed on a user's mobile computing device;
  b) processing, by a computer, said collected sensor data anonymously by grouping the collected sensor data into different heatspots, said heatspots including different areas of different significance for said user, each heatspot having a given radius;
  c) labelling, by the computer, each heatspot with a unique identifier corresponding to a predetermined area; and
  d) generating, by the computer, a location-aware user model based on said identifiers, such that the generated location-aware user model is suitable for offering recommendations to the user via the mobile computing device, for performing studies and/or for providing input to other user models,
  wherein the method further comprises:
  performing steps a)-d) for a plurality of different users active in the same heatspots, such that a location-aware user model is generated for each of the plurality of different users;
  computing, by the computer, a seed and using said computed seed to automatically create and encrypt a random salt key;
  determining, by the computer, a hashing technique to be used to obfuscate the different heatspots, and transmitting to the mobile computing device of each user of said plurality of different users the encrypted random salt key and the determined hashing technique; and
  applying, by each mobile computing device, the hashing technique with the salt key to each heatspot and transmitting a hash to the computer,
  and wherein the collected sensor data include one or more of: accelerometer data; activity data; data on the applications installed on the computing device; data on a battery level of the computing device; data on Bluetooth beacons in the heatspot; call logs; data on the computing device, including the model and/or brand name; data indicating whether a headset is plugged in or not; internet logs and/or browsing history; the current brightness level; location data; whether music is playing or not; the ambient noise level; pedometer data; network data concerning the computing device, including roaming, operator, cell tower, transmit/receive data, mobile/Wi-Fi, airplane mode and/or country; data on places or the type of establishments near the heatspot; data indicating whether a screen of the computing device is on/off; SMS logs; data indicating the user's activity transitions; and/or data indicating the user's gait dynamics.
- 2. The method according to claim 1, wherein said step b) further comprises providing at least one timestamp to each heatspot indicating the moment in time at which the user reached the heatspot.
- 3. The method according to the preceding claims, wherein each unique identifier is encrypted based at least on a part of the location coordinates of the predetermined area.
- 4. The method according to the preceding claims, wherein the radii of the different heatspots are equal or different among them.
- 5. The method according to the preceding claims, wherein the radius of the different heatspots ranges from a few meters to several kilometers.
- 6. A system for providing a location-aware user model that protects the user's privacy, comprising:
  a plurality of mobile computing devices, each belonging to a user of a plurality of different users;
  a sensor capture module installed on each mobile computing device of the plurality of mobile computing devices for collecting sensor data from a plurality of sensors installed on each mobile computing device, the collected sensor data including one or more of: accelerometer data; activity data; data on the applications installed on the computing device; data on a battery level of the computing device; data on Bluetooth beacons in the heatspot; call logs; data on the computing device, including the model and/or brand name; data indicating whether a headset is plugged in or not; internet logs and/or browsing history; the current brightness level; location data; whether music is playing or not; the ambient noise level; pedometer data; network data concerning the computing device, including roaming, operator, cell tower, transmit/receive data, mobile/Wi-Fi, airplane mode and/or country; data on places or the type of establishments near the heatspot; data indicating whether a screen of the computing device is on/off; SMS logs; data indicating the user's activity transitions; and/or data indicating the user's gait dynamics;
  a computer including one or more processors and at least one memory, wherein the one or more processors are configured to:
  process the collected sensor data of each user of the plurality of different users anonymously by grouping the collected sensor data into different heatspots, said heatspots including different areas of different significance for the user, each heatspot having a given radius;
  label each heatspot with a unique identifier corresponding to a predetermined area;
  generate a location-aware user model for each user based on said identifiers, such that the generated location-aware user model is suitable for offering recommendations to the user via the mobile computing device, for performing studies and/or for providing input to other user models;
  compute a seed and use the seed to automatically create and encrypt a random salt key; and
  determine a hashing technique to be used to obfuscate the different heatspots, and transmit to the mobile computing device of each user of the plurality of different users the encrypted random salt key and the determined hashing technique,
  wherein each mobile computing device is further configured to apply the hashing technique with the salt key to each heatspot and to transmit a hash to the computer.
- 7. A non-transitory computer-readable medium comprising code instructions which, when executed by a processor of a computer, implement a method for providing a location-aware user model that protects the user's privacy according to claim 1.
- 8. The non-transitory computer-readable medium according to claim 7, wherein the processor, when processing the collected sensor data, further provides at least one timestamp to each heatspot indicating the moment in time at which each user reached the heatspot.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP18382740.1A EP3641349B1 (fr) | 2018-10-17 | 2018-10-17 | Method, system and computer programs for providing a location-aware user model that preserves user privacy |
ES18382740T ES2911073T3 (es) | 2018-10-17 | 2018-10-17 | Method, system and computer programs for providing a location-aware user model that preserves user privacy |
PCT/EP2019/078075 WO2020079075A1 (fr) | 2018-10-17 | 2019-10-16 | Method, system and computer programs for providing a location-aware user model that protects the user's privacy |
US17/232,127 US20210235261A1 (en) | 2018-10-17 | 2021-04-15 | Location Aware User Model That Preserves User Privacy Of Sensor Data Collected By A Smartphone |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP18382740.1A EP3641349B1 (fr) | 2018-10-17 | 2018-10-17 | Method, system and computer programs for providing a location-aware user model that preserves user privacy |
Publications (2)
Publication Number | Publication Date |
---|---|
EP3641349A1 EP3641349A1 (fr) | 2020-04-22 |
EP3641349B1 true EP3641349B1 (fr) | 2022-02-09 |
Family
ID=64051507
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP18382740.1A Active EP3641349B1 (fr) | 2018-10-17 | 2018-10-17 | Method, system and computer programs for providing a location-aware user model that preserves user privacy |
Country Status (4)
Country | Link |
---|---|
US (1) | US20210235261A1 (fr) |
EP (1) | EP3641349B1 (fr) |
ES (1) | ES2911073T3 (fr) |
WO (1) | WO2020079075A1 (fr) |
Family Cites Families (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080306969A1 (en) * | 2005-02-19 | 2008-12-11 | Chand Mehta | method and system for improving applications based on location information of objects |
CA2585957A1 (fr) * | 2007-04-23 | 2008-10-23 | Sudhir Rajkhowa | Therapeutic system |
US9662391B2 (en) * | 2008-04-24 | 2017-05-30 | The Invention Science Fund I Llc | Side effect ameliorating combination therapeutic products and systems |
US8340685B2 (en) * | 2010-08-25 | 2012-12-25 | The Nielsen Company (Us), Llc | Methods, systems and apparatus to generate market segmentation data with anonymous location data |
GB2483092A (en) * | 2010-08-26 | 2012-02-29 | Sivapathalingham Sivavakeesar | A converged home network with context based delivery |
US9087213B2 (en) * | 2011-02-22 | 2015-07-21 | Fedex Corporate Services, Inc. | Systems and methods for rule-driven management of sensor data across geographic areas and derived actions |
US8310361B1 (en) * | 2011-06-13 | 2012-11-13 | Google Inc. | Creating and monitoring alerts for a geographical area |
US20120331561A1 (en) * | 2011-06-22 | 2012-12-27 | Broadstone Andrew J | Method of and Systems for Privacy Preserving Mobile Demographic Measurement of Individuals, Groups and Locations Over Time and Space |
US9516360B2 (en) * | 2012-04-12 | 2016-12-06 | Qualcomm Incorporated | Estimating demographic statistics of media viewership via context aware mobile devices |
US9037111B2 (en) * | 2012-07-30 | 2015-05-19 | Ncr Corporation | Location aware authentication techniques |
US8977288B2 (en) * | 2012-11-16 | 2015-03-10 | Broadcom Corporation | Apparatus and method for performing low-power geo-fence operations |
IL227480A0 (en) * | 2013-07-15 | 2013-12-31 | Bg Negev Technologies & Applic Ltd | A system for characterizing geographic locations based on sensor data from anonymous sources |
US9412245B2 (en) * | 2013-08-08 | 2016-08-09 | Honeywell International Inc. | System and method for visualization of history of events using BIM model |
WO2015082003A1 (fr) * | 2013-12-05 | 2015-06-11 | Nec Europe Ltd. | Method for preserving privacy in a communication system and associated communication system |
US9891064B2 (en) * | 2014-01-31 | 2018-02-13 | Aruba Networks, Inc. | Selection of a route based on prior user behavior or commercial interests |
US10440499B2 (en) * | 2014-06-16 | 2019-10-08 | Comcast Cable Communications, Llc | User location and identity awareness |
US10477359B2 (en) * | 2014-12-08 | 2019-11-12 | International Business Machines Corporation | Publishing messages based on geographic area |
CN105554743A (zh) * | 2015-12-15 | 2016-05-04 | 南京信息工程大学 (Nanjing University of Information Science and Technology) | A method for protecting mobile user location privacy that avoids overlapping-circle attacks |
US20200322794A1 (en) * | 2016-05-30 | 2020-10-08 | Telecom Italia S.P.A. | Protection of privacy in wireless telecommunication networks |
DE102016209568B3 (de) * | 2016-06-01 | 2017-09-21 | Volkswagen Aktiengesellschaft | Method, devices and computer programs for collecting measurement results from mobile devices |
US10290137B2 (en) * | 2017-01-31 | 2019-05-14 | Saudi Arabian Oil Company | Auto-generation of map landmarks using sensor readable tags |
US10655984B2 (en) * | 2017-12-20 | 2020-05-19 | Florida Power & Light Company | Power state estimation for power grid serviced premises |
CN112312313B (zh) * | 2020-09-10 | 2023-07-04 | 神州融安数字科技(北京)有限公司 | PSI-based method, apparatus and system for determining entry into a geographic area |
US11438730B1 (en) * | 2021-04-06 | 2022-09-06 | At&T Intellectual Property I, L.P. | Tracing and tracking system |
2018
- 2018-10-17: EP application EP18382740.1A (EP3641349B1, fr), Active
- 2018-10-17: ES ES18382740T (ES2911073T3, es), Active
2019
- 2019-10-16: WO PCT/EP2019/078075 (WO2020079075A1, fr), Application Filing
2021
- 2021-04-15: US US17/232,127 (US20210235261A1, en), Pending
Also Published As
Publication number | Publication date |
---|---|
US20210235261A1 (en) | 2021-07-29 |
EP3641349A1 (fr) | 2020-04-22 |
ES2911073T3 (es) | 2022-05-17 |
WO2020079075A1 (fr) | 2020-04-23 |
Similar Documents
Publication | Title |
---|---|
Damjanovic-Behrendt | A digital twin-based privacy enhancement mechanism for the automotive industry |
Brandtzaeg et al. | Losing control to data-hungry apps: A mixed-methods approach to mobile app privacy |
Fawaz et al. | Location privacy protection for smartphone users |
US10354090B2 (en) | Systems and methods for context-based permissioning of personally identifiable information |
Karim et al. | Big data management in participatory sensing: Issues, trends and future directions |
EP2965257B1 (fr) | Method for measuring and monitoring the levels of access to personal data generated by resources of a user device |
US9603011B1 (en) | Selective regulation of information transmission from mobile applications to third-party privacy compliant target systems |
CN106030594B (zh) | Accelerated training of personal daemons |
Haris et al. | Privacy leakage in mobile computing: Tools, methods, and characteristics |
Elkhodr et al. | A contextual-adaptive location disclosure agent for general devices in the internet of things |
Mun et al. | PDVLoc: A personal data vault for controlled location data sharing |
Scipioni et al. | I'm here! privacy challenges in mobile location sharing |
Christin et al. | Share with strangers: Privacy bubbles as user-centered privacy control for mobile content sharing applications |
WO2017062601A1 (fr) | Multi-level dynamic privacy management in an Internet of Things environment with multiple personalized service providers |
Ahmad et al. | Adaptive security for self-protection of mobile computing devices |
Albayram et al. | Designing challenge questions for location-based authentication systems: a real-life study |
Sengan et al. | A Secure Recommendation System for Providing Context-Aware Physical Activity Classification for Users |
Rafferty et al. | Toy computing background |
Damiani | Privacy enhancing techniques for the protection of mobility patterns in LBS: research issues and trends |
EP3641349B1 (fr) | Method, system and computer programs for providing a location-informed user model that preserves user privacy |
Guinness et al. | MyGeoTrust: a platform for trusted crowdsourced geospatial data |
Chang et al. | Detection of Sybil attacks in participatory sensing using cloud based trust management system |
Rashid et al. | A survey on social-physical sensing: An emerging sensing paradigm that explores the collective intelligence of humans and machines |
Yao et al. | A novel location privacy protection algorithm for social discovery application |
Mekhail et al. | Visualizations to teach about mobile online privacy |
Legal Events
Code | Title | Description |
---|---|---|
PUAI | Public reference made under Article 153(3) EPC to a published international application that has entered the European phase | Original code: 0009012 |
STAA | Information on the status of an EP patent application or granted EP patent | Status: the application has been published |
AK | Designated contracting states | Kind code of ref document: A1. Designated states: AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
AX | Request for extension of the European patent | Extension states: BA ME |
STAA | Information on the status of an EP patent application or granted EP patent | Status: request for examination was made |
17P | Request for examination filed | Effective date: 2020-10-22 |
RBV | Designated contracting states (corrected) | Designated states: AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: KOA HEALTH B.V. |
GRAP | Despatch of communication of intention to grant a patent | Original code: EPIDOSNIGR1 |
STAA | Information on the status of an EP patent application or granted EP patent | Status: grant of patent is intended |
INTG | Intention to grant announced | Effective date: 2021-11-17 |
GRAS | Grant fee paid | Original code: EPIDOSNIGR3 |
GRAA | (Expected) grant | Original code: 0009210 |
STAA | Information on the status of an EP patent application or granted EP patent | Status: the patent has been granted |
AK | Designated contracting states | Kind code of ref document: B1. Designated states: AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
REG | Reference to a national code | GB: legal event code FG4D |
REG | Reference to a national code | CH: legal event code EP |
REG | Reference to a national code | AT: legal event code REF; ref document number 1468249 (AT, kind code T); effective date 2022-02-15 |
REG | Reference to a national code | IE: legal event code FG4D |
REG | Reference to a national code | DE: legal event code R096; ref document number 602018030546 (DE) |
REG | Reference to a national code | ES: legal event code FG2A; ref document number 2911073 (ES, kind code T3); effective date 2022-05-17 |
REG | Reference to a national code | LT: legal event code MG9D |
REG | Reference to a national code | NL: legal event code MP; effective date 2022-02-09 |
REG | Reference to a national code | AT: legal event code MK05; ref document number 1468249 (AT, kind code T); effective date 2022-02-09 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | Lapse because of failure to submit a translation of the description or to pay the fee within the prescribed time limit. SE, RS, NL, LT, HR: effective 2022-02-09; NO, BG: effective 2022-05-09; PT: effective 2022-06-09 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | Lapse because of failure to submit a translation of the description or to pay the fee within the prescribed time limit. PL, LV, FI, AT: effective 2022-02-09; GR: effective 2022-05-10 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | Lapse because of failure to submit a translation of the description or to pay the fee within the prescribed time limit. IS: effective 2022-06-09 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | Lapse because of failure to submit a translation of the description or to pay the fee within the prescribed time limit. SM, SK, RO, EE, DK, CZ: effective 2022-02-09 |
REG | Reference to a national code | DE: legal event code R097; ref document number 602018030546 (DE) |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | Lapse because of failure to submit a translation of the description or to pay the fee within the prescribed time limit. AL: effective 2022-02-09 |
PLBE | No opposition filed within time limit | Original code: 0009261 |
STAA | Information on the status of an EP patent application or granted EP patent | Status: no opposition filed within time limit |
26N | No opposition filed | Effective date: 2022-11-10 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | Lapse because of failure to submit a translation of the description or to pay the fee within the prescribed time limit. SI: effective 2022-02-09 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | Lapse because of failure to submit a translation of the description or to pay the fee within the prescribed time limit. MC: effective 2022-02-09 |
REG | Reference to a national code | CH: legal event code PL |
REG | Reference to a national code | BE: legal event code MM; effective date 2022-10-31 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | Lapse because of non-payment of due fees. LU: effective 2022-10-17 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | LI: lapse because of non-payment of due fees, effective 2022-10-31; IT: lapse because of failure to submit a translation of the description or to pay the fee within the prescribed time limit, effective 2022-02-09; CH: lapse because of non-payment of due fees, effective 2022-10-31 |
P01 | Opt-out of the competence of the Unified Patent Court (UPC) registered | Effective date: 2023-07-10 |
REG | Reference to a national code | GB: legal event code 732E; registered between 2023-07-20 and 2023-07-26 |
REG | Reference to a national code | DE: legal event code R081; ref document number 602018030546 (DE); owner name: KOA HEALTH DIGITAL SOLUTIONS S.L.U., ES; former owner: KOA HEALTH B.V., Amsterdam, NL |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | Lapse because of non-payment of due fees. BE: effective 2022-10-31 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | Lapse because of non-payment of due fees. IE: effective 2022-10-17 |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to EPO] | GB: payment date 2023-10-27, year of fee payment 6 |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to EPO] | ES: payment date 2023-11-02, year of fee payment 6 |
PGFP | Annual fee paid to national office [announced via postgrant information from national office to EPO] | FR: payment date 2023-10-25, year of fee payment 6; DE: payment date 2023-10-27, year of fee payment 6 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | HU: lapse because of failure to submit a translation of the description or to pay the fee within the prescribed time limit; invalid ab initio; effective date 2018-10-17 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | CY: lapse because of failure to submit a translation of the description or to pay the fee within the prescribed time limit; effective 2022-02-09 |
REG | Reference to a national code | ES: legal event code PC2A; owner name: KOA HEALTH DIGITAL SOLUTIONS S.L.U; effective date 2024-05-07 |
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to EPO] | MK: lapse because of failure to submit a translation of the description or to pay the fee within the prescribed time limit; effective 2022-02-09 |